Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Openpages Grc Platform  >> 7.0.0.0  Security Vulnerabilities
CVE-2015-5049
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.001
Published
2016-01-01
CVE-2015-0145
Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
CVSS Score
6.8
EPSS Score
0.001
Published
2015-10-03
CVE-2015-0144
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916.
CVSS Score
3.5
EPSS Score
0.002
Published
2015-10-03
CVE-2015-0143
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.
CVSS Score
4.0
EPSS Score
0.002
Published
2015-10-03
CVE-2015-0142
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function.
CVSS Score
4.0
EPSS Score
0.004
Published
2015-10-03
CVE-2015-0141
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.
CVSS Score
4.0
EPSS Score
0.002
Published
2015-10-03
CVE-2014-8916
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144.
CVSS Score
3.5
EPSS Score
0.002
Published
2015-10-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved